browser history - back button.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We are developing a secure site. One a user logs off of the site we do not want them to have the ability to hit the back button and display the secure pages on the site. We started to look at using server.transfers rather than response.redirects to navigate the users through the site. The problem we are running into is browser history entries are created with a form's postback. How do we get arround this problem

Thanks in advance for your help
-Dave
 
the best you can do is expire the pages, so the browser will rerequest them
(unless the user turns this off).

-- bruce (sqlwork.com)


Dave Carroll said:
We are developing a secure site. One a user logs off of the site we do
Click to expand...
not want them to have the ability to hit the back button and display the
secure pages on the site. We started to look at using server.transfers
rather than response.redirects to navigate the users through the site. The
problem we are running into is browser history entries are created with a
form's postback. How do we get arround this problem?
 
Overwrite nav history:

location.replace("logout.aspx");

Dave Carroll said:
We are developing a secure site. One a user logs off of the site we do
Click to expand...
not want them to have the ability to hit the back button and display the
secure pages on the site. We started to look at using server.transfers
rather than response.redirects to navigate the users through the site. The
problem we are running into is browser history entries are created with a
form's postback. How do we get arround this problem?
 
Dave said:
We are developing a secure site. One a user logs off of the site we
do not want them to have the ability to hit the back button and
display the secure pages on the site. We started to look at using
server.transfers rather than response.redirects to navigate the users
through the site. The problem we are running into is browser
history entries are created with a form's postback. How do we get
arround this problem?
Click to expand...

Make your pages non-cacheable by setting appropriate Cache-Control headers.

Cheers,
 
Back
Top